
Hackers Compromise Adobe's Code-Signing Certificate

Adobe is warning that sophisticated attackers, in a highly targeted attack, broke into one of its internal servers, which was connected to the part of its infrastructure that held the digital certificate used for signing software, ZDnet.com reported on September 27, 2012.

Brad Arkin, Senior Director of Product Security and Privacy, stated that because of the hack, which apparently occurred in July 2012, Adobe was expected to revoke the hijacked certificate on October 4, 2012, in order to halt the signing of harmful files. Scmagazine.com published this on September 27, 2012.

Arkin wrote that Adobe was planning to revoke the certificate and then release updated versions of the Adobe software that had been signed with the compromised certificate. According to him, the attack affected code signed with Adobe's digital certificate that ran on Windows PCs, as well as 3 Adobe AIR applications that ran on Macintosh in addition to Windows.

Elsewhere, Arkin stated that customers should not notice anything significant from the certificate revocation. He added that his organization's investigation had so far found no sign that any other sensitive data, including Adobe's customer, employee, source code or financial information, had been compromised. Threatpost.com published this on September 27, 2012.

Arkin, however, stated that Adobe did not think the certificate had been used to sign widely spread malware, or for anything beyond the two programs found.

The two malicious programs signed with the certificate were "myGeeksmail.dll" and "pwdump7 v7.1", as Arkin identified them. According to him, Adobe handed the programs to security companies, especially anti-virus firms, so that they could write signatures to detect those programs and thereby protect customers.

Adobe, moreover, indicated that the private keys used for signing were stored in a hardware security module and that its code-signing processes were stringent. Despite that, the hackers managed to get their malicious files signed.

Meanwhile, Mikko Hypponen, Chief Research Officer of the Finnish security company F-Secure, wrote on twitter.com that his firm's collection contained some thousand files signed with Adobe's compromised certificate; however, only 3 were regarded as infected. Scmagazine.com published this.